Vulnerabilities > CVE-2003-1399 - Information Disclosure vulnerability in Eject 2.0.10/2.0.11/2.0.12
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE local
eject
Summary
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |